Three Types of Passphrases

A short guide on how to generate the best passphrases for your digital life.


The first step to a healthy digital life is an easy-to-implement strategy for managing your account credentials. You'll notice we’re using the term “passphrases” instead of “passwords.” Do you wonder why? In short, passwords are obsolete. They’re too short, they tend to be unimaginative, and chances are, they’re already in one of the many databases of breached credentials floating around on the web.

Over the last few years, there have been way too many data breaches, where millions of users’ passwords have been dumped onto the open web, and traded between criminal organizations. While this is bad enough, our tendency to reuse passphrases makes us even more insecure: even if you don’t really care that hackers have your LinkedIn password, if you’ve reused it anywhere else, they could gain access to another, more important account that you do care about.

Here are three tips for generating complex, but painless passphrases. Incorporating a mixture of the following types for different accounts will greatly improve your digital security. And remember, no matter how robust your new passphrases are, you should enable two-factor authentication for each account where available. (Check out the site, https://twofactorauth.org, for more info!)

First Type : Short Codes

First layer of complexity : take the abbreviation of the lyric to create a seemingly “random” string. Passphrase becomes jmlfccmnsoyacs

Second layer : switch up the case, for a mix of uppercase and lowercase letters. Passphrase becomes jmLFccMNsoyacs

Third layer : substitute numbers for some of the letters. Passphrase becomes jm1FccMN50y4c5

Fourth layer : add punctuation. Passphrase becomes !jm1FccMN50y.4c5!

Good to use on:

Mobile devices (unlock/decrypt phone)

User account on your computer (unlock/decrypt Mac)

Web services where you have two-factor auth turned on

Second Type : Password Database

Passphrase managers store an unlimited number of credentials in a database. That way, you never have to remember them, and you can easily eliminate password reuse from your life entirely! With a passphrase manager like KeePassX (which stores your passphrases in a local file on your machine) or LastPass (which stores your passphrases on third-party servers), you can generate long, complex, and virtually uncrackable passphrases like:

Third Type : Diceware

Get out 5 dice and a copy of the diceware word list, and generate your own strong, long, uncrackable and memorable passphrases. Each roll of the five dice corresponds to a word on the list. String 5 to 8 random words together, and create a funny story in your head to aid your memory. Your passphrase might look something like:
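
The dice-to-word lookup described above, as an added Python example that is not part of the original guide. It assumes a word list with one `NNNNN word` entry per line, uses the operating system's random source in place of physical dice, and builds a constructed placeholder list (`word11111` and so on) so it runs without a download; all function names are illustrative.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                  # five dice pick one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 keys, 11111 through 66666

def parse_wordlist(text):
    """Parse 'NNNNN word' lines into {key: word}; reject incomplete lists."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        # Ignore blank lines, headers and anything that is not a dice key.
        if len(parts) == 2 and len(parts[0]) == DICE_PER_WORD and set(parts[0]) <= set("123456"):
            table[parts[0]] = parts[1]
    if len(table) != LIST_SIZE:
        raise ValueError(f"expected {LIST_SIZE} entries, found {len(table)}")
    return table

def roll_die():
    """One fair die roll from the OS CSPRNG (stands in for a physical die)."""
    return secrets.randbelow(6) + 1

def passphrase(table, n_words=6, roll=roll_die):
    """Roll five dice per word and look each key up in the list."""
    if not 5 <= n_words <= 8:
        raise ValueError("the guide recommends 5 to 8 words")
    keys = ["".join(str(roll()) for _ in range(DICE_PER_WORD)) for _ in range(n_words)]
    return [table[k] for k in keys]

def entropy_bits(n_words):
    """Each word is a uniform choice among 7776, so about 12.9 bits per word."""
    return n_words * math.log2(LIST_SIZE)

def constructed_wordlist():
    """Constructed placeholder list in the same layout; swap in a real list file."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return "\n".join(f"{k}\tword{k}" for k in keys)

if __name__ == "__main__":
    table = parse_wordlist(constructed_wordlist())
    print(" ".join(passphrase(table)), f"({entropy_bits(6):.1f} bits)")
```

The completeness check matters because a truncated or altered list silently shrinks the number of possible passphrases; the strength of the result comes from the random rolls, not from keeping the list secret.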